CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52234 – WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
27 Dec 2023 — Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugi... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4017 – Booster for WooCommerce - Multiple CSRF
https://notcve.org/view.php?id=CVE-2022-4017
02 Jan 2023 — The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks Las versiones del complemento Booster para WooCommerce de WordPress anteriores a la versión 6.0.1, así como las versiones anteriores a la 6.0.1 del complemento Booste... • https://wpscan.com/vulnerability/609072d0-9bb9-4fe0-9626-7e4a334ca3a4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4227 – Booster for WooCommerce - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-4227
05 Dec 2022 — The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting El complemento Booster para WooCommerce de WordPress anterior a 5.6.3, el complemento de WordPress Booster Plus para WooCommerce anterior a 6.0.0 y el complemento de WordPress Booster Elite para WooCommerce an... • https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •